keystone public client requests can leak admin endpoint details
Bug #1543335 reported by
sahilsinha
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| python-openstackclient |
Invalid
|
Undecided
|
Unassigned | ||
Bug Description
Keystone is set up with a publicURL that points to a public IP.
from a remote client accessing the publicURL endpoint:
openstack token issue works as expected
openstack user password set (or any other keystone command) returns:
Failed to contact the endpoint at https:/
Unable to establish connection to https:/
doing openstack --os-interface public resolves the issue and allows one to update a password via the publicURL endpoint or get the appropriate response from other commands(403)
| description: | updated |
Revision history for this message
| Dean Troyer (dtroyer) wrote | #1 |
Revision history for this message
| Dean Troyer (dtroyer) wrote | #2 |
Revision history for this message
| Dean Troyer (dtroyer) wrote | #3 |
| Changed in python-openstackclient: | |
| status: | New → Incomplete |
| Changed in python-openstackclient: | |
| status: | Incomplete → Invalid |
| information type: | Private Security → Public |
To post a comment you must log in.
It is possible this is a keystoneclient default leaking though (I haven't looked yet).